scc ide trust & functional model for ide standards identification g. whitehead january/february...

SCCIDE TRUST & Functional Model

for

IDE Standards Identification

G. WhiteheadJanuary/February 2013

2

IDE Functional & Trust Model - Work Summary

• IDE Levels & Chain of Trust Identified• Evidence of Trustworthiness Model Developed• End User Trust Policy/Criteria Sources Identified• Types of Assurances (to show Trustworthiness) Identified• IDE Processes & Systems Identified & Studied• Need for “Assurance Standards” Analyzed• Awareness of Standards Availability Developed• Standards Adoption/Adaptation Criteria Studied• Template for Standards Evaluation/Disposition

Created

3

Standards at the Systems & Processes Level of Trust

4

IDE Trust Model

5

Online: Banking Dating Socializing Gambling Lotteries Shopping Auctions Discovery Help And………………………..

Trust Policies & Criteria Come From End Users:

6

Potential User Group

7

Evidence of Trust Required by RP’s or End Users

8

Trustworthiness will Come From Delivery of:

• Privacy Assurance• Entity Identity Assurance• Entity Suitability Assurance (if provided)

• Entity Authentication Assurance• Security Assurance of Assurance Providers• IDE System & Processes – Security Assurance• IDE – Integrity Assurance (no breaches of trust)

• IDE Transparency Assurance• Recourse Assurance (ability to litigate assurance failures)

• Quality Assurance

9

Entity Trust Levels

10

11

12

Standards at the Systems & Processes Level of Trust

Root of Trust Standard Requirements & Availability

14

15

Template for Standards Evaluation & Disposition

16

17

18

19